public abstract class BaseDependencyCheckMojo
extends org.apache.maven.plugin.AbstractMojo
implements org.apache.maven.reporting.MavenReport
Constructor and Description |
---|
BaseDependencyCheckMojo() |
Modifier and Type | Method and Description |
---|---|
protected void | checkForFailure(Dependency[] dependencies): Checks to see if a vulnerability has been identified with a CVSS score that is above the threshold set in the configuration. |
protected java.lang.String | createProjectReferenceName(org.apache.maven.project.MavenProject project, org.apache.maven.shared.dependency.graph.DependencyNode dependencyNode) |
void | execute(): Executes dependency-check. |
void | generate(org.codehaus.doxia.sink.Sink sink, java.util.Locale locale): Deprecated. |
void | generate(org.apache.maven.doxia.sink.Sink sink, java.util.Locale locale): Generates the Dependency-Check Site Report. |
protected Filter<java.lang.String> | getArtifactScopeExcluded(): Returns the artifact scope excluded filter. |
java.lang.String | getCategoryName(): Returns the category name. |
protected java.lang.String | getConnectionString(): Returns the connection string. |
protected java.io.File | getCorrectOutputDirectory(): Returns the correct output directory depending on if a site is being executed or not. |
protected java.io.File | getCorrectOutputDirectory(org.apache.maven.project.MavenProject current): Returns the correct output directory depending on if a site is being executed or not. |
java.util.List<java.lang.String> | getExcludes(): Returns the list of excluded artifacts based on either artifact id or group id and artifact id. |
java.io.File | getOutputDirectory(): Returns the output directory. |
java.lang.String | getOutputName(): Returns the output name. |
protected org.apache.maven.project.MavenProject | getProject(): Returns a reference to the current project. |
protected java.util.List<org.apache.maven.project.MavenProject> | getReactorProjects(): Returns the list of Maven Projects in this build. |
java.io.File | getReportOutputDirectory(): Returns the report output directory. |
protected Settings | getSettings(): Returns the configured settings. |
protected Engine | initializeEngine(): Initializes a new Engine that can be used for scanning. |
boolean | isExternalReport(): Returns whether this is an external report. |
protected boolean | isFailOnError(): Returns if the mojo should fail the build if an exception occurs. |
protected boolean | isGeneratingSite(): Returns true if the Maven site is being generated. |
org.apache.maven.project.ProjectBuildingRequest | newResolveArtifactProjectBuildingRequest(org.apache.maven.project.MavenProject project, java.util.List<org.apache.maven.artifact.repository.ArtifactRepository> repos) |
protected void | populateSettings(): Takes the properties supplied and updates the dependency-check settings. |
protected java.util.Set<org.apache.maven.artifact.Artifact> | resolveArtifactDependencies(org.apache.maven.shared.transfer.dependencies.DependableCoordinate artifact, org.apache.maven.project.MavenProject project) |
protected void | runCheck(): Executes the dependency-check scan and generates the necessary report. |
protected ExceptionCollection | scanArtifacts(org.apache.maven.project.MavenProject project, Engine engine): Scans the project's artifacts and adds them to the engine's dependency list. |
protected ExceptionCollection | scanArtifacts(org.apache.maven.project.MavenProject project, Engine engine, boolean aggregate): Scans the project's artifacts and adds them to the engine's dependency list. |
protected abstract ExceptionCollection | scanDependencies(Engine engine): Scans the dependencies of the projects. |
protected abstract ExceptionCollection | scanPlugins(Engine engine, ExceptionCollection exCol): Scans the plugins of the projects. |
protected ExceptionCollection | scanPlugins(org.apache.maven.project.MavenProject project, Engine engine, ExceptionCollection exCollection): Scans the project's artifacts for plugin-dependencies and adds them to the engine's dependency list. |
void | setReportOutputDirectory(java.io.File directory): Sets the Reporting output directory. |
protected void | showSummary(org.apache.maven.project.MavenProject mp, Dependency[] dependencies): Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries. |
Methods inherited from class org.apache.maven.plugin.AbstractMojo: getLog, getPluginContext, setLog, setPluginContext
public void execute() throws org.apache.maven.plugin.MojoExecutionException, org.apache.maven.plugin.MojoFailureException
  Specified by: execute in interface org.apache.maven.plugin.Mojo
  Throws:
    org.apache.maven.plugin.MojoExecutionException - thrown if there is an exception executing the mojo
    org.apache.maven.plugin.MojoFailureException - thrown if dependency-check failed the build
@Deprecated public final void generate(org.codehaus.doxia.sink.Sink sink, java.util.Locale locale) throws org.apache.maven.reporting.MavenReportException
  Deprecated. Use generate(org.apache.maven.doxia.sink.Sink, java.util.Locale) instead.
  Specified by: generate in interface org.apache.maven.reporting.MavenReport
  Parameters:
    sink - the sink to write the report to
    locale - the locale to use when generating the report
  Throws:
    org.apache.maven.reporting.MavenReportException - if a maven report exception occurs
protected boolean isGeneratingSite()
protected java.lang.String getConnectionString()
protected boolean isFailOnError()
public void generate(org.apache.maven.doxia.sink.Sink sink, java.util.Locale locale) throws org.apache.maven.reporting.MavenReportException
  Parameters:
    sink - the sink to write the report to
    locale - the locale to use when generating the report
  Throws:
    org.apache.maven.reporting.MavenReportException - if a maven report exception occurs
protected java.io.File getCorrectOutputDirectory() throws org.apache.maven.plugin.MojoExecutionException
  Throws:
    org.apache.maven.plugin.MojoExecutionException - thrown if there is an error loading the file path
protected java.io.File getCorrectOutputDirectory(org.apache.maven.project.MavenProject current)
  Parameters:
    current - the Maven project to get the output directory from
protected ExceptionCollection scanArtifacts(org.apache.maven.project.MavenProject project, Engine engine)
  Parameters:
    project - the project to scan the dependencies of
    engine - the engine to use to scan the dependencies
protected ExceptionCollection scanArtifacts(org.apache.maven.project.MavenProject project, Engine engine, boolean aggregate)
  Parameters:
    project - the project to scan the dependencies of
    engine - the engine to use to scan the dependencies
    aggregate - whether the scan is part of an aggregate build
protected ExceptionCollection scanPlugins(org.apache.maven.project.MavenProject project, Engine engine, ExceptionCollection exCollection)
  Parameters:
    project - the project to scan the plugin-dependencies of
    engine - the engine to use to scan the plugin-dependencies
    exCollection - the collection of exceptions that have previously occurred
protected java.util.Set<org.apache.maven.artifact.Artifact> resolveArtifactDependencies(org.apache.maven.shared.transfer.dependencies.DependableCoordinate artifact, org.apache.maven.project.MavenProject project) throws org.apache.maven.shared.transfer.dependencies.resolve.DependencyResolverException
  Throws:
    org.apache.maven.shared.transfer.dependencies.resolve.DependencyResolverException
protected java.lang.String createProjectReferenceName(org.apache.maven.project.MavenProject project, org.apache.maven.shared.dependency.graph.DependencyNode dependencyNode)
  Parameters:
    project - the MavenProject
    dependencyNode - the DependencyNode
  project reference in a Dependency. The behavior of this method returns project.getName() + ":" + dependencyNode.getArtifact().getScope().
public org.apache.maven.project.ProjectBuildingRequest newResolveArtifactProjectBuildingRequest(org.apache.maven.project.MavenProject project, java.util.List<org.apache.maven.artifact.repository.ArtifactRepository> repos)
  Parameters:
    project - The target project to create a building request for.
    repos - the artifact repositories to use.
protected void runCheck() throws org.apache.maven.plugin.MojoExecutionException, org.apache.maven.plugin.MojoFailureException
  Throws:
    org.apache.maven.plugin.MojoExecutionException - thrown if there is an exception running the scan
    org.apache.maven.plugin.MojoFailureException - thrown if dependency-check is configured to fail the build
protected abstract ExceptionCollection scanDependencies(Engine engine) throws org.apache.maven.plugin.MojoExecutionException
  Parameters:
    engine - the engine used to perform the scanning
  Throws:
    org.apache.maven.plugin.MojoExecutionException - thrown if a fatal exception occurs
protected abstract ExceptionCollection scanPlugins(Engine engine, ExceptionCollection exCol) throws org.apache.maven.plugin.MojoExecutionException
  Parameters:
    engine - the engine used to perform the scanning
    exCol - the collection of any exceptions that have previously been captured.
  Throws:
    org.apache.maven.plugin.MojoExecutionException - thrown if a fatal exception occurs
public java.io.File getReportOutputDirectory()
  Specified by: getReportOutputDirectory in interface org.apache.maven.reporting.MavenReport
public void setReportOutputDirectory(java.io.File directory)
  Specified by: setReportOutputDirectory in interface org.apache.maven.reporting.MavenReport
  Parameters:
    directory - the output directory
public java.io.File getOutputDirectory()
public final boolean isExternalReport()
  Specified by: isExternalReport in interface org.apache.maven.reporting.MavenReport
  Returns: true
public java.lang.String getOutputName()
  Specified by: getOutputName in interface org.apache.maven.reporting.MavenReport
public java.lang.String getCategoryName()
  Specified by: getCategoryName in interface org.apache.maven.reporting.MavenReport
protected Engine initializeEngine() throws DatabaseException
  Initializes a new Engine that can be used for scanning. This method should only be called in a try-with-resources to ensure that the engine is properly closed.
  Returns: Engine
  Throws:
    DatabaseException - thrown if there is a database exception
protected void populateSettings()
protected org.apache.maven.project.MavenProject getProject()
  @Component MavenProject project; defined then the abstract class (i.e. this class) will not have access to the current project (just the way Maven works with the binding).
protected java.util.List<org.apache.maven.project.MavenProject> getReactorProjects()
public java.util.List<java.lang.String> getExcludes()
protected Filter<java.lang.String> getArtifactScopeExcluded()
protected Settings getSettings()
protected void checkForFailure(Dependency[] dependencies) throws org.apache.maven.plugin.MojoFailureException
  Parameters:
    dependencies - the list of dependency objects
  Throws:
    org.apache.maven.plugin.MojoFailureException - thrown if a CVSS score is found that is higher than the threshold set
protected void showSummary(org.apache.maven.project.MavenProject mp, Dependency[] dependencies)
  Parameters:
    mp - the Maven project for which the summary is shown
    dependencies - a list of dependency objects
Copyright © 2012-21 Jeremy Long. All Rights Reserved.